From 67d6f924d8b418cd6bfc7a80f302eb83f63d0df7 Mon Sep 17 00:00:00 2001
From: Goby <50955360+gobysec@users.noreply.github.com>
Date: Tue, 23 May 2023 15:57:06 +0800
Subject: [PATCH] Create CVE-2022-36642.md

add CVE-2022-36642
---
 CVE-2022-36642.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 CVE-2022-36642.md

diff --git a/CVE-2022-36642.md b/CVE-2022-36642.md
new file mode 100644
index 0000000..fddf1fd
--- /dev/null
+++ b/CVE-2022-36642.md
@@ -0,0 +1,12 @@
+## Telos Alliance Omnia MPX Node downloadMainLog fnameFile Reading Vulnerability(CVE-2022-36642)
+
+|   **Vulnerability**  | **Telos Alliance Omnia MPX Node downloadMainLog fnameFile Reading Vulnerability(CVE-2022-36642)**  |
+| :----:   | :-----|
+|  **Chinese name**  | Telos Alliance Omnia MPX Node 硬件编解码器 downloadMainLog 文件 fname 参数文件读取漏洞（CVE-2022-36642） |
+| **CVSS core**  | 7.6 |
+| **FOFA Query**  (click to view the results directly)| [body="Omnia MPX"](https://en.fofa.info/result?qbase64=Ym9keT0iT21uaWEgTVBYIg%3D%3D) |
+| **Number of assets affected**  | 49 |
+| **Description**  | Telos Alliance Omnia MPX Node is a special hardware codec of Telos Alliance of the United States. Ability to leverage Omnia μ The MPXTM algorithm sends or receives complete FM signals at data rates as low as 320 kbps, making it ideal for networks with limited capacity, including IP radios. There is a security vulnerability in Telos Alliance Omnia MPX Node 1.5.0+r1 and earlier versions, which originates from the local file disclosure vulnerability in/appConfig/userDB.json. An attacker uses this vulnerability to elevate privileges to root and execute arbitrary commands. |
+| **Impact** | There is a security vulnerability in Telos Alliance Omnia MPX Node 1.5.0+r1 and earlier versions, which originates from the local file disclosure vulnerability in/appConfig/userDB.json. An attacker uses this vulnerability to elevate privileges to root and execute arbitrary commands. |
+
+![](https://s3.bmp.ovh/imgs/2023/05/23/e024d90bde2b5088.gif)